Operating systems and programming languages supported by Amazon Inspector - Amazon Inspector

Operating systems and programming languages supported by Amazon Inspector

Amazon Inspector can scan software applications installed on Amazon Elastic Compute Cloud (Amazon EC2) instances, container images stored in Amazon Elastic Container Registry (Amazon ECR) repositories, and AWS Lambda functions. For ECR container images, Amazon Inspector can scan for both operating system and programming language package vulnerabilities. For Lambda functions, Amazon Inspector can scan for code vulnerabilities. When Amazon Inspector scans resources, it uses its own purpose-built scanning engine and it sources more than 50 data feeds to generate findings for Common Vulnerabilities and Exposures (CVEs). Sources include vendor security advisories, NVD, MITRE, open-source feeds, internal research, and licensed data feeds.

For Amazon Inspector to scan a resource, the resource must be running a supported operating system or use a supported programming language. The topics in this section list the operating systems, runtimes, and programming languages that Amazon Inspector currently supports for different resources and scan types. They also list operating systems that Amazon Inspector previously supported, but have since been discontinued by vendors. Amazon Inspector can provide only limited support for an operating system after a vendor discontinues support for the operating system.

Supported operating systems: Amazon EC2 scanning

The following table lists the operating systems that Amazon Inspector supports for the scanning of Amazon EC2 instances. It lists the source of the vendor security advisories for each operating system. It also helps you determine whether any of the supported operating systems can be scanned using agent-based scanning or agentless scanning.

When using the agent-based scanning method, you configure the SSM agent to perform continuous scans on all eligible instances. Amazon Inspector recommends that you configure a version of the SSM agent that's greater than 3.2.2086.0. For more information, see Working with the SSM Agent in the Amazon EC2 Systems Manager User Guide.

Note

Linux operating system detections are supported only for the default package manager repository (rpm and dpkg) and don't include third-party applications, extended support repositories (BYOS RHEL, PAYG RHEL, and RHEL for SAP), and optional repositories (Red Hat Application Streams).

Operating system Version Vendor security advisories Agentless scan support Agent-based scan support
AlmaLinux 8 ALSA Yes Yes
AlmaLinux 9 ALSA Yes Yes
Amazon Linux (AL2) AL2 ALAS Yes Yes
Amazon Linux 2023 (AL2023) AL2023 ALAS Yes Yes
Bottlerocket 1.7.0 and later GHSA, CVE No Yes
CentOS Linux (CentOS) 7 CESA Yes Yes
Debian Server (Buster) 10 DSA Yes Yes
Debian Server (Bullseye) 11 DSA Yes Yes
Debian Server (Bookworm) 12 DSA Yes Yes
Fedora 38 CVE Yes Yes
Fedora 39 CVE Yes Yes
OpenSUSE Leap 15.5 CVE Yes Yes
Oracle Linux (Oracle) 7 ELSA Yes Yes
Oracle Linux (Oracle) 8 ELSA Yes Yes
Oracle Linux (Oracle) 9 ELSA Yes Yes
Red Hat Enterprise Linux (RHEL) 7 RHSA Yes Yes
Red Hat Enterprise Linux (RHEL) 8 RHSA Yes Yes
Red Hat Enterprise Linux (RHEL) 9 RHSA Yes Yes
Rocky Linux 8 RLSA Yes Yes
Rocky Linux 9 RLSA Yes Yes
SUSE Linux Enterprise Server (SLES) 12.5 SUSE CVE Yes Yes
SUSE Linux Enterprise Server (SLES) 15.5 SUSE CVE Yes Yes
Ubuntu (Xenial) 16.04 (ESM) USN, Ubuntu Pro Yes Yes
Ubuntu (Bionic) 18.04 (ESM) USN, Ubuntu Pro Yes Yes
Ubuntu (Focal) 20.04 (LTS) USN Yes Yes
Ubuntu (Jammy) 22.04 (LTS) USN Yes Yes
Ubuntu (Mantic Minotaur) 23.10 USN Yes Yes
Windows Server 2016 MSKB No Yes
Windows Server 2019 MSKB No Yes
Windows Server 2022 MSKB No Yes
macOS (Mojave) 10.14 APPLE-SA No Yes
macOS (Catalina) 10.15 APPLE-SA No Yes
macOS (Big Sur) 11 APPLE-SA No Yes
macOS (Monterey) 12 APPLE-SA No Yes
macOS (Ventura) 13 APPLE-SA No Yes

Supported programming languages: Amazon EC2 deep inspection

Amazon Inspector currently supports the following programming languages when scanning Amazon EC2 Linux instances for vulnerabilities in third-party software packages:

  • Java

  • JavaScript

  • Python

Amazon Inspector uses Systems Manager Distributor to deploy the plugin used for deep inspection in your Amazon EC2 instance. Systems Manager Distributor supports the operating systems listed as Supported package platforms and architectures in the Systems Manager guide. Your Amazon EC2 instance's operating system must be supported by Systems Manager Distributor and Amazon Inspector for Amazon Inspector to perform deep inspection scans.

Note

Deep inspection is not supported for Bottlerocket operating systems.

Supported operating systems: CIS scanning

The following table lists the operating systems that Amazon Inspector currently supports for CIS scans. It also lists the CIS benchmark version that's used to perform scans of that operating system.

Operating system Version CIS benchmark version
Amazon Linux 2 AL2 2.0.0
Amazon Linux 2023 AL2023 1.0.0
Red Hat Enterprise Linux (RHEL) 8 3.0.0
Red Hat Enterprise Linux (RHEL) 9 1.0.0
Rocky Linux 8 2.0.0
Rocky Linux 9 1.0.0
Ubuntu (Bonic) 18.04 (LTS) 2.1.0
Ubuntu (Focal) 20.04 (LTS) 2.0.1
Ubuntu (Jammy) 20.04 (LTS) 1.0.0
Windows Server 2019 2.0.0
Windows Server 2022 2.0.0

Supported operating systems: Amazon ECR scanning with Amazon Inspector

Amazon Inspector currently supports scanning the following operating systems when scanning container images in Amazon ECR repositories:. The table also lists the source of the vendor security advisories for each operating system.

Operating system Version Vendor security advisories
Alpine Linux (Alpine) 3.16 Alpine SecDB
Alpine Linux (Alpine) 3.17 Alpine SecDB
Alpine Linux (Alpine) 3.18 Alpine SecDB
Alpine Linux (Alpine) 3.19 Alpine SecDB
AlmaLinux 8 ALSA
AlmaLinux 9 ALSA
Amazon Linux (AL2) AL2 ALAS
Amazon Linux 2023 (AL2023) AL2023 ALAS
CentOS Linux (CentOS) 7 CESA
Debian Server (Buster) 10 DSA
Debian Server (Bullseye) 11 DSA
Debian Server (Bookworm) 12 DSA
Fedora 38 CVE
Fedora 39 CVE
OpenSUSE Leap 15.5 CVE
Oracle Linux (Oracle) 7 ELSA
Oracle Linux (Oracle) 8 ELSA
Oracle Linux (Oracle) 9 ELSA
Photon OS 4 PHSA
Photon OS 5 PHSA
Red Hat Enterprise Linux (RHEL) 7 RHSA
Red Hat Enterprise Linux (RHEL) 8 RHSA
Red Hat Enterprise Linux (RHEL) 9 RHSA
Rocky Linux 8 RLSA
Rocky Linux 9 RLSA
SUSE Linux Enterprise Server (SLES) 12.5 SUSE CVE
SUSE Linux Enterprise Server (SLES) 15.5 SUSE CVE
Ubuntu (Xenial) 16.04 (ESM) USN, Ubuntu Pro
Ubuntu (Bionic) 18.04 (ESM) USN, Ubuntu Pro
Ubuntu (Focal) 20.04 (LTS) USN
Ubuntu (Jammy) 22.04 (LTS) USN
Ubuntu (Mantic Minotaur) 23.10 USN

Supported programming languages: Amazon ECR scanning

Amazon Inspector currently supports the following programming languages when scanning container images in Amazon ECR repositories:

  • C#

  • Go

  • Java

  • JavaScript

  • PHP

  • Python

  • Ruby

  • Rust

Supported runtimes: Amazon Inspector Lambda standard scanning

Amazon Inspector Lambda standard scanning currently supports the following programming languages when scanning Lambda functions for vulnerabilities in third-party software packages:

  • Java

    • java8

    • java8.al2

    • java11

    • java17

  • Node.js

    • nodejs12.x

    • nodejs14.x

    • nodejs16.x

    • nodejs18.x

    • nodejs20.x

  • Python

    • python3.7

    • python3.8

    • python3.9

    • python3.10

    • python3.11

  • Go

    • go1.x

  • Ruby

    • ruby2.7

    • ruby3.2

  • .NET

    • .NET 6

Supported runtimes: Amazon Inspector Lambda code scanning

Amazon Inspector Lambda code scanning currently supports the following programming languages when scanning Lambda functions for vulnerabilities in code:

  • Java

    • java8

    • java8.al2

    • java11

    • java17

  • Node.js

    • nodejs12.x

    • nodejs14.x

    • nodejs16.x

    • nodejs18.x

    • nodejs20.x

  • Python

    • python3.7

    • python3.8

    • python3.9

    • python3.10

    • python3.11

  • Ruby

    • ruby2.7

    • ruby3.2

  • .NET

    • .NET 6

Discontinued operating systems

Standard vendor support for the operating systems listed in the following tables has been discontinued by the vendor. In the tables, the Discontinued column indicates when the vendor discontinued standard support for an operating system.

Amazon Inspector previously provided full support for these operating systems and will continue to scan Amazon EC2 instances and Amazon ECR container images that are running them. However, in accordance with vendor policy, the operating systems are no longer updated with patches and, in many cases, new security advisories are no longer released for them. In addition, some vendors remove existing security advisories and detections from their feeds when an affected operating system reaches the end of standard support. Consequently, Amazon Inspector might stop generating findings for known CVEs. Any findings that Amazon Inspector does generate for a discontinued operating system should be used for informational purposes only.

As a security best practice and for continued Amazon Inspector coverage, we encourage you to move to a current, supported version of an operating system.

Discontinued operating systems: Amazon EC2 scanning

Operating system Version Discontinued
Amazon Linux (AL1) 2012 December 31, 2021
CentOS Linux (CentOS) 8 December 31, 2021
Debian Server (Stretch) 9 June 30, 2022
Fedora 35 December 13, 2022
Fedora 36 May 16, 2023
Fedora 37 December 15, 2023
OpenSUSE Leap 15.2 December 1, 2021
OpenSUSE Leap 15.3 December 1, 2022
OpenSUSE Leap 15.4 December 7, 2023
Oracle Linux (Oracle) 6 March 1, 2021
SUSE Linux Enterprise Server (SLES) 12 June 30, 2016
SUSE Linux Enterprise Server (SLES) 12.1 May 31, 2017
SUSE Linux Enterprise Server (SLES) 12.2 March 31, 2018
SUSE Linux Enterprise Server (SLES) 12.3 June 30, 2019
SUSE Linux Enterprise Server (SLES) 12.4 June 30, 2020
SUSE Linux Enterprise Server (SLES) 15 December 31, 2019
SUSE Linux Enterprise Server (SLES) 15.1 January 31, 2021
SUSE Linux Enterprise Server (SLES) 15.2 December 31, 2021
SUSE Linux Enterprise Server (SLES) 15.3 December 31, 2022
SUSE Linux Enterprise Server (SLES) 15.4 December 31, 2023
Ubuntu (Trusty) 14.04 (ESM) April 1, 2024
Ubuntu (Groovy) 20.10 July 22, 2021
Ubuntu (Hirsute) 21.04 January 20, 2022
Ubuntu (Impish) 21.10 July 31, 2022
Ubuntu (Kinetic) 22.10 July 20, 2023
Ubuntu (Lunar Lobster) 23.04 January 25, 2024
Windows Server 2012 October 10, 2023
Windows Server 2012 R2 October 10, 2023

Discontinued operating systems: Amazon ECR scanning

Operating system Version Discontinued
Alpine Linux (Alpine) 3.12 May 1, 2022
Alpine Linux (Alpine) 3.13 November 1, 2022
Alpine Linux (Alpine) 3.14 May 1, 2023
Alpine Linux (Alpine) 3.15 November 1, 2023
Amazon Linux (AL1) 2012 December 31, 2021
CentOS Linux (CentOS) 8 December 31, 2021
Debian Server (Stretch) 9 June 30, 2022
Fedora 35 December 13, 2022
Fedora 36 May 16, 2023
Fedora 37 December 15, 2023
OpenSUSE Leap 15.2 December 1, 2021
OpenSUSE Leap 15.3 December 1, 2022
OpenSUSE Leap 15.4 December 7, 2023
Oracle Linux (Oracle) 6 March 1, 2021
Photon OS 3 March 1, 2024
SUSE Linux Enterprise Server (SLES) 12 June 30, 2016
SUSE Linux Enterprise Server (SLES) 12.1 May 31, 2017
SUSE Linux Enterprise Server (SLES) 12.2 March 31, 2018
SUSE Linux Enterprise Server (SLES) 12.3 June 30, 2019
SUSE Linux Enterprise Server (SLES) 12.4 June 30, 2020
SUSE Linux Enterprise Server (SLES) 15 December 31, 2019
SUSE Linux Enterprise Server (SLES) 15.1 January 31, 2021
SUSE Linux Enterprise Server (SLES) 15.2 December 31, 2021
SUSE Linux Enterprise Server (SLES) 15.3 December 31, 2022
SUSE Linux Enterprise Server (SLES) 15.4 December 31, 2023
Ubuntu (Trusty) 14.04 (ESM) April 1, 2024
Ubuntu (Groovy) 20.10 July 22, 2021
Ubuntu (Hirsute) 21.04 January 20, 2022
Ubuntu (Impish) 21.10 July 31, 2022
Ubuntu (Kinetic) 22.10 July 20, 2023
Ubuntu (Lunar Lobster) 23.04 January 25, 2024